Despite the dangers, most companies lack visibility into the totality of their digital footprint.
Companies are awash in data. “Big Data” and its promise of actionable insights and automation has led to companies hoarding information, often without a plan about how to harness it for value creation.
The majority of data being created today is unstructured or “dark” data. Gartner defines dark data as “the information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes (for example, analytics, business relationships and direct monetizing). In today’s digital environment, unstructured data comes in many forms, from social media to application logs to audio and video files. Unstructured data is unorganized, raw and often forgotten about when putting technology and processes in place to protect data.
As companies continue to employ security in layers, hackers are evolving their attack vectors to get to the data they want. They’re looking for the easiest way to get to sensitive data – and that new attack vector is unstructured data.
Analysts at Gartner (gated) report that 33% of stale data stores haven’t been touched in three years or more, and estimate that up to 80% of the data footprint of an organization is unstructured, making this type of data an organization’s Achilles heel. As unstructured data continues to grow, hackers will continue to evolve and exploit this weakness.
A Big Problem
“There are only two types of companies: those that have been breached and those that don’t know they have.” – Elena Kvochko, CIO, Barclays and Rajiv Pant, CTO, The New York Times
Unbeknownst to most organizations, their petabytes of data stored around the world in various file shares or document management systems are one of the biggest contributors to a breach and what hackers go after first – the path of least resistance.
According to the Ponemon Institute, 66% of small to medium-sized businesses worldwide reported a security breach in the past year. And, by the time a breach is discovered, hackers have typically been inside an organization’s data for 6-9 months looking for confidential information. Unfortunately, this also means the hackers probably know what’s in your data better than you do.
We mentioned earlier that close to 80% of an organization’s data estate is unstructured – well nearly 80% of enterprises also have little to no visibility into their data surface footprint. For businesses today, digital assets are often more valuable than physical assets. In 2016, businesses saw a massive 566% increase in compromised records.
So, how can you protect what you don’t know you have? It’s not a trick question – you can’t. With data privacy regulations such as California’s Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) fining companies on a per-record basis, it’s more important than ever to secure and protect unstructured data from hackers. Dark data presents a real problem including data privacy and compliance, eDiscovery consideration and storage costs – it can’t be ignored any longer.
Don’t Keep Adding to the Issue
While unstructured data can feel like the stuff of nightmares, the good news is that there are tools and processes available to effectively manage data growth and security.
Creating a data map is a critical first step. A comprehensive data map helps drive cohesive interplay between tools. An enterprise-wide data security strategy puts the policies into place to take stock of data, standardize reporting, implement security procedures and discover potential use cases for data.
It’s important to strike the right between keeping data for value extraction and deleting data for risk mitigation.
Shining a Light on your Dark Data
With unstructured data continuing to grow, organizations need to choose tools which will scale to manage the totality of their environment and map new and on-going initiatives to specific processes. Enterprises need an actionable plan to control and control their data. Here are 5 key steps an enterprise can take to help secure unstructured data:
- Create a data map: Securing unstructured data is nearly impossible without understanding all the different content repositories where unstructured data may be stored. The true size of unstructured data is often unknown. When you think about how many times a file or a close iteration of the file can be saved across Box, DropBox, Share Point etc. you know why it’s so hard to quantify. It’s important to understand the location and usage of unstructured data as without this critical first step,
- Classify your data: Not all data has the same value, nor does it require the same amount of protection. While some data may not have business value, it could still be sensitive, which is why it needs to be classified with the appropriate tags. Data governance experts use the term ROT – redundant, obsolete, trivial – to describe data that provides no business value. File analysis software allows an enterprise to classify data and optimize data usage.
- Minimizing Data: The practice of hoarding data is not only a privacy blind spot, but also increases the risk of Personally Identifiable Information (PII) and Highly Confidential Information (HCI) being accessed in a breach. The longer you hold data, the more risk increases while value decreases – a lose/lose situation. After mapping and classifying your data, you can delete or quarantine data which provides no business value.
- On-going Data Governance: Once you understand what data is vulnerable and what is valuable you can put the appropriate and necessary security measures in place. With a reduced data surface footprint, it’s easier to manage data in line with retention policies and procedures. Start to acquire data progressively, and only when genuinely needed.
Lowering the Risk of Unstructured Data
Data breaches are now a “when” versus an “if”. As the number of data breaches not going anywhere (Carnival Cruises, Microsoft, Estee Lauder, etc.) risk-conscious enterprises are looking to tackle the inherent risk which resides in unstructured data. Visibility into your unstructured data estate is the first, very necessary step to mitigating this risk. This is the only way to get a measurement of the depth of your organization’s exposure, the location and magnitude of the data, what needs remediation and what is overdue for erasure.
Securing and protecting unstructured data is not a one and done activity. Unstructured data needs to be continually monitored and managed – otherwise hackers will continue to exploit this vulnerability. Don’t fall victim to your dark data – it CAN hurt you.